Adding this additional point of failure here doesn't seem to generate meaningful value, since you can accomplish the same thing by storing the access token as an HttpOnly cookie. As a matter of fact, this is exactly how Authress protects tokens, with the added benefit of no additional services in the middle.
Warren Parad
CTO Rhosys